Announcing SOC 2 Type I Certification for Scalr
We are pleased to announce that Scalr is officially SOC 2 Type 1 certified.
We are pleased to announce that Scalr is officially SOC 2 Type 1 certified.
A copy of Scalr's SOC 2 Type 1 certification report is available to current and potential users under NDA upon request.
What is SOC 2 Type I?
A SOC 2 Type I certification is performed by an independent third-party auditor. It certifies that a service provider such as Scalr has implemented all the necessary controls to securely manage customer data at a specific point in time.
Scalr has been evaluated according to the 5 trust service principles defined by the AICPA (American Institute of Certified Public Accountants):
- Security: is Scalr protected against unauthorized access?
- Availability: is Scalr able to deliver on its SLA?
- Processing integrity: is the Scalr service properly designed not to produce data processing errors?
- Confidentiality: is the data processed by Scalr only accessible by a limited number of authorized individuals?
- Privacy: is Scalr protecting customers' personal data?
Why does SOC 2 Type I matter?
Keeping our customers' data secure and the Scalr service reliable drives most of what we do. Our product, security, and engineering teams built the Scalr system to run securely at scale for demanding use cases.
Organizations with strict security requirements rely on Scalr to govern their mission-critical Terraform deployments. That includes up-and-coming FinTech companies, worldwide retail brands, and US government agencies.
A SOC 2 Type I report lets anyone assess a service provider's security and reliability faster. For us, the Type I certification is one piece of a wider security framework. It gives our community a clear signal about how we handle our own security practices.
We're continuously monitoring and improving our security posture, and for more information about Scalr's security practices, please visit www.scalr.com/system-description
Our next milestone: SOC 2 Type II
Now that we've achieved the Type I certification, we're focused on our next milestone: achieving SOC 2 Type II compliance.
The Type II report will validate the effectiveness of the controls that have been implemented for the Type I audit over a duration of 6 months instead of a specific point in time.
Stay tuned for our next SOC 2 Type II blog post!